Disc Soft Ltd Daemon Tools Pro ISO Parsing memory corruption vulnerability [CVE-2021-21832]
CVE number = CVE-2021-21832
A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
DAEMON Tools Pro is a powerful and professional emulation software to work with disc images and virtual drives. It allows mounting of ISO images on Windows systems.
When parsing a specifically crafted ISO file it is possible to cause a memory corruption. This is due to an integer overflow during a malloc operation.
Tested Versions
Disc Soft Ltd Daemon Tools Pro 8.3.0.0767
Please check the supplier website for any available updates – https://www.daemon-tools.cc/
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.